Fedora Linux 8783 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: vim-9.0.2167-1.fc38
Fedora 38 Update: seamonkey-2.53.18-1.fc38
Fedora 38 Update: polymake-4.10-2.fc38
Fedora 38 Update: perl-PAR-Packer-1.057-4.fc38
Fedora 38 Update: perl-Devel-Cover-1.36-11.fc38
Fedora 38 Update: perl-5.36.3-498.fc38
Fedora 39 Update: vim-9.0.2167-1.fc39




Fedora 38 Update: vim-9.0.2167-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-ca6c3651fe
2023-12-17 01:41:25.869203
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 38
Version : 9.0.2167
Release : 1.fc38
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

The newest upstream commit Security fixes for CVE-2023-48706, CVE-2023-46246
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 15 2023 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.0.2167-1
- patchlevel 2167
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2246953 - CVE-2023-46246 vim: Integer Overflow in :history command
https://bugzilla.redhat.com/show_bug.cgi?id=2246953
[ 2 ] Bug #2251118 - CVE-2023-48706 vim: use-after-free in ex_substitute in Vim
https://bugzilla.redhat.com/show_bug.cgi?id=2251118
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-ca6c3651fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: seamonkey-2.53.18-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-deb5cf6515
2023-12-17 01:41:25.869178
--------------------------------------------------------------------------------

Name : seamonkey
Product : Fedora 38
Version : 2.53.18
Release : 1.fc38
URL : http://www.seamonkey-project.org
Summary : Web browser, e-mail, news, IRC client, HTML editor
Description :
SeaMonkey is an all-in-one Internet application suite (previously made
popular by Netscape and Mozilla). It includes an Internet browser,
advanced e-mail, newsgroup and feed client, a calendar, IRC client,
HTML editor and a tool to inspect the DOM for web pages. It is derived
from the application formerly known as Mozilla Application Suite.

--------------------------------------------------------------------------------
Update Information:

Update to 2.53.18
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 8 2023 Dmitry Butskoy [Dmitry@Butskoy.name] 2.53.18-1
- update to 2.53.18
- add patch for binutils >= 2.36
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-deb5cf6515' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: polymake-4.10-2.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9ef8a60a05
2023-12-17 01:41:25.868965
--------------------------------------------------------------------------------

Name : polymake
Product : Fedora 38
Version : 4.10
Release : 2.fc38
URL : https://polymake.org/
Summary : Algorithms on convex polytopes and polyhedra
Description :
Polymake is a tool to study the combinatorics and the geometry of convex
polytopes and polyhedra. It is also capable of dealing with simplicial
complexes, matroids, polyhedral fans, graphs, tropical objects, and so
forth.

Polymake can use various computational packages if they are installed.
Those available from Fedora are: 4ti2, azove, gfan, latte-integrale,
normaliz, ocaml-tplib-tools, qhull, Singular, TOPCOM, and vinci.

Polymake can interface with various visualization packages if they are
installed. Install one or more of the tools from the following list:
evince, geomview, graphviz, gv, and okular.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-47038
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 1 2023 Jitka Plesnikova [jplesnik@redhat.com] - 4.10-2
- Rebuild for Perl 5.36.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2251622 - CVE-2023-47038 perl: Write past buffer end via illegal user-defined Unicode property [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2251622
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9ef8a60a05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: perl-PAR-Packer-1.057-4.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9ef8a60a05
2023-12-17 01:41:25.868965
--------------------------------------------------------------------------------

Name : perl-PAR-Packer
Product : Fedora 38
Version : 1.057
Release : 4.fc38
URL : https://metacpan.org/release/PAR-Packer
Summary : PAR Packager
Description :
This module implements the App::Packer::Backend interface, for generating
stand-alone executables, perl scripts and PAR files.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-47038
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 30 2023 Jitka Plesnikova [jplesnik@redhat.com] - 1.057-4
- Rebuild for Perl 5.36.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2251622 - CVE-2023-47038 perl: Write past buffer end via illegal user-defined Unicode property [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2251622
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9ef8a60a05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: perl-Devel-Cover-1.36-11.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9ef8a60a05
2023-12-17 01:41:25.868965
--------------------------------------------------------------------------------

Name : perl-Devel-Cover
Product : Fedora 38
Version : 1.36
Release : 11.fc38
URL : https://metacpan.org/release/Devel-Cover
Summary : Code coverage metrics for Perl
Description :
This module provides code coverage metrics for Perl. Code coverage metrics
describe how thoroughly tests exercise code. By using Devel::Cover you can
discover areas of code not exercised by your tests and determine which
tests to create to increase coverage. Code coverage can be considered as an
indirect measure of quality.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-47038
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 30 2023 Jitka Plesnikova [jplesnik@redhat.com] - 1.36-11
- Rebuild for Perl 5.36.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2251622 - CVE-2023-47038 perl: Write past buffer end via illegal user-defined Unicode property [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2251622
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9ef8a60a05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: perl-5.36.3-498.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9ef8a60a05
2023-12-17 01:41:25.868965
--------------------------------------------------------------------------------

Name : perl
Product : Fedora 38
Version : 5.36.3
Release : 498.fc38
URL : https://www.perl.org/
Summary : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting. Perl is good at handling processes and files, and is especially
good at handling text. Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.

This is a metapackage with all the Perl bits and core modules that can be
found in the upstream tarball from perl.org.

If you need only a specific feature, you can install a specific package
instead. E.g. to handle Perl scripts with /usr/bin/perl interpreter,
install perl-interpreter package. See perl-interpreter description for more
details on the Perl decomposition into packages.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-47038
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 30 2023 Jitka Plesnikova [jplesnik@redhat.com] - 4:5.36.3-498
- 5.36.3 bump (see ( https://metacpan.org/release/PEVANS/perl-5.36.3/view/pod/perldelta.pod)
or release notes)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2251622 - CVE-2023-47038 perl: Write past buffer end via illegal user-defined Unicode property [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2251622
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9ef8a60a05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: vim-9.0.2167-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-3fbd936b15
2023-12-17 01:34:46.736675
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 39
Version : 9.0.2167
Release : 1.fc39
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

The newest upstream commit Security fixes for CVE-2023-48706, CVE-2023-46246
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 15 2023 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.0.2167-1
- patchlevel 2167
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2246953 - CVE-2023-46246 vim: Integer Overflow in :history command
https://bugzilla.redhat.com/show_bug.cgi?id=2246953
[ 2 ] Bug #2251118 - CVE-2023-48706 vim: use-after-free in ex_substitute in Vim
https://bugzilla.redhat.com/show_bug.cgi?id=2251118
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-3fbd936b15' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--